KR101356493B1 - Method for moving digital contents and rights object thereto and device thereof - Google Patents

Abstract

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to digital rights management (DRM), and more particularly to a method of moving DRM content and / or its right to use, and an apparatus (terminal) for implementing the method. The present invention provides a method for a first user to join a plurality of devices to a specific domain (or group), and to allow the joined devices to share a right to use the domain. A domain usage right is transferred (or transferred) through a multimedia card such as a card, and second, devices joined to the domain play back DRM content for the domain right by using the domain right.

Digital Copyright, DRM, Rights, SRM, Smart Card

Description

METHOD FOR MOVING DIGITAL CONTENTS AND RIGHTS OBJECT THERETO AND DEVICE THEREOF}

1 is a block diagram of a general DRM system.

2 is a block diagram of a digital rights management (DRM) system in accordance with the present invention.

3 is a signal flow diagram illustrating a method for transferring domain rights using a smart card according to a first embodiment of the present invention.

4 is an example of an XML schema of a Join Domain Request message and parameters included in the message in the present invention.

5 is an example of an XML schema of a Join Domain Responce message and parameters included in the message in the present invention.

6 is a block diagram of a digital rights management (DRM) system as a second embodiment of the present invention.

7 is a schematic block diagram of an apparatus according to the invention.

******* Description of the symbols for the main parts of the drawing ********

10: device 1 (connected device) 20: smart card

30: device 2 (unconnected device) 40: license issuer (RI)

50: content issuer (CI) 60: domain A

100: device

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to digital rights management (DRM), and more particularly to a method for moving and sharing DRM content and / or its right to use, and an apparatus (terminal) for implementing the method.

In general, digital rights management (DRM) is a technology to securely and systematically manage the rights of digital content (Rights Object: RO), to prevent illegal copying of content and to acquire the right to use content. It provides a set of protection and management mechanisms for the creation, distribution, and use of the product.

1 is a block diagram of a general DRM system.

As shown in FIG. 1, the DRM system controls the content provider to use the content transmitted to the user only as much as the user right granted to the user. Here, the content provider is an entity corresponding to a content issuer (CI) and / or a right issuer (RI).

The content issuer (CI) issues protected content (hereinafter referred to as DRM content) using a specific encryption key to protect the content from users who do not have access rights, and the rights issuer (RI) issues a DRM. Issue the right to use the content.

The DRM agent is mounted on the terminal, receives the content and the right from the content issuer and the right issuer, respectively, and interprets the permissions and / or constraints included in the right to use the content on the device. To control. That is, the terminal may use the DRM content under the permission or restriction of the right of use held by the terminal.

In addition to this conventional DRM technology, the implementation of the following new technology is required.

That is, a user who owns a plurality of terminals may wish to share and use DRM content in all of the plurality of terminals.

In addition, a user who owns a plurality of terminals constitutes a predetermined group or domain, and may wish to share the DRM content and the right to use the DRM content in the domain.

In addition, in order to share the DRM content and the right to use the DRM content, there is a need for a technical method of transferring (delivering) the DRM content and the right to use the DRM content between a plurality of terminals of the user through a wired or wireless physical medium.

Accordingly, an object of the present invention is to move (deliver) the DRM content and the right to use the DRM content through a physical medium among a plurality of terminals in order to share the DRM content and the right to use the DRM content. .

In order to achieve the above object, the right of use movement method in the digital rights management system according to the present invention,

(A) a user joining a first device and at least one second device to a particular domain;

(B) receiving, by the first device, first information about a domain right from an RI;

(C) the first device communicating the first information to a third device;

(D) the third device forwarding the information to the second device.

Advantageously, the first device further comprises receiving at least one of domain content and domain usage rights from the RI.

Preferably, step (C) further comprises the step of authenticating the first device by the third device before the first device transmits the information to the third device.

Preferably, the step (D) further comprises the step of authenticating the third device by the first device before the third device transmits the information to the second device.

Advantageously, step (A) comprises: registering the first device and at least one or more second devices owned by the user with the RI;

Receiving, by the first device, a domain list provided by the RI;

The first device selecting the specific domain in the domain list;

And joining the first device and the at least one second device to the specific domain.

In addition, in order to achieve the above object, in the digital rights management system according to the present invention rights sharing method,

Delivering, by the first device, first information about a domain right of use to the third device;

Detaching, by the user, the third device from the first device and mounting the second device to the second device;

Receiving, by the second device, the first information from the third device;

The second apparatus decrypts the domain right using the first information, and uses the decoded domain right to use the DRM content.

In addition, in order to achieve the above object, the device according to the present invention,

A socket part to which the multimedia medium can be mounted and detached;

A transmitter / receiver for accessing a Rights Issuer (RI), transmitting and receiving a signal for performing registration, and receiving a list of domains provided by the RI;

A display unit which displays the domain list;

A DRM agent processing a signal for joining at least one device owned by the user to the specific domain when the user selects a specific domain from the domain list, in order for the user to share domain rights in the specific domain;

A memory for storing domain context and domain usage rights received from the RI;

Process signals using DRM content using the domain context and the domain right,

And a processing unit for processing to transfer the domain context and the domain right to the multimedia medium mounted in the socket.

The present invention is applied to a DRM system and apparatus using digital copyright. However, the present invention can also be applied to wired / wireless communication.

The basic concept of the present invention is that a first user can join a plurality of devices (terminals) to a specific domain (or group), and the subscribed devices can share the right to use the domain. For example, a multimedia card (such as a Secure Momory Card (SMC)) is used to transfer (or deliver) a domain right, and secondly, devices joined to the domain may use DRM content for the domain right by using the domain right. To play.

The technical terms used in the present invention will be briefly described as follows.

The terminal according to the present invention may be commonly used as a device and includes all terminals capable of using digital content. That is, the terminal according to the present invention, i.e., the device, is a mobile communication terminal (e.g., user equipment (UE), mobile phone, cellular phone, DMB phone, DVB-H phone, PDA phone, and PTT) that can use digital content. Phone, etc.), digital TV, GPS navigation, handheld game consoles, MP3 and other home appliances, and the like. Therefore, in the description of the present invention, the terminal is used interchangeably as the same meaning as the device.

A domain is a collection or device of which one or more devices are members. An object managed by a license issuer (RI) or a domain authority (DA), which has a domain key uniquely assigned to each domain, and the domain key is a domain RO. For encryption and / or decryption. The domain right is issued by the rights issuer (RI) and includes a right to use the DRM content encrypted by the domain key. The DRM content is configured to be decrypted based on an encryption key included in the domain right to be used by the user who obtained the domain key. Therefore, only devices that are joined to a specific domain (specifically, the DRM agent of each of those devices) decode the domain right by using the domain key, and render the DRM content by using the decoded domain right. can do. On the other hand, the DRM agent is mounted on a specific device to perform the join (join) and / or leave (leave) process of the domain, and to transfer the domain right to the other DRM agent belonging to the domain through a wired or wireless media To perform.

The right to use (RO) for DRM content is divided into stateful RO and stateless RO. A stateless RO is an RO in which the device does not manage state information. Stateful RO is an RO where the device must explicitly manage state information so that the permissions and constraints indicated in the RO are applied correctly. Constraint managed by the status information is the interval of use, the number of times of use, the number of timed counts, and the accumulation.

In addition, the state information is information that can know the amount available in the future and one is managed for each stateful RO. For example, the state information may be managed in the form of the number of times used, the time, etc., or may be managed in the form of the remaining use times, the remaining use time, and the like.

The DRM content may be issued from a content issuer (CI) or the usage rights issuer (RI).

A connected device (hereinafter referred to as a “connected device”) is a device having a function of directly connecting to a RI by wire or wirelessly. On the other hand, an unconnected device (hereinafter referred to as an "unconnected device") is a device without a communication function capable of directly connecting to an RI.

A smart card is a generic term for a medium or device, such as a secure memory card (e.g., a SIM or MMC) with physical memory and / or agents.

Hereinafter, with reference to the accompanying drawings will be described the configuration and operation of the embodiment of the method for delivering the right to use digital rights management according to the present invention.

2 is a block diagram of a digital rights management (DRM) system in accordance with the present invention. In FIG. 2, it is assumed that a specific user (hereinafter referred to as 'user A') owns two DRM devices, that is, device 1 and device 2. FIG. Here, it is assumed that device 1 10 is a connected device with a communication function, for example, a mobile phone, and device 2 30 is an unconnected device without a communication function, for example, an MP3 player. In addition, it is assumed that user A owns a multimedia (for example, smart card) 20 as a physical medium that can be inserted into and used in device 1 (10) and device 2 (30).

Hereinafter, the basic concept of the present invention will be described with reference to FIG.

As shown in FIG. 2, user A (not shown in FIG. 2) has devices owned by him or her in a particular domain, such as domain A 60, created and managed by RI 40, i. 10) and the MP3 player 30 (S1). At this time, the device 1 (10) receives a domain key from the RI. Meanwhile, the domain key may be transferred from the RI 40 to the device 1 10 through a so-called domain context. The domain context contains information (e.g., domain key, domain identifier, expiration time, etc.) required to establish domain rights.

User A connects to RI and / or CI using device 1 (10) to receive DRM content and domain usage rights for the DRM content (S2).

User A attempts to share the DRM content and / or domain usage rights held by device 1 10 with device 2 30 subscribed to domain A 60. In this case, the user A may share the DRM content and / or domain right between the device 1 (ie, the mobile phone) 10 and the device 2 (ie, the MP3 player) 30 using the smart card 20. have. That is, user A transmits the domain context for installing the domain right existing in the device 1 (10) to the smart card 20 (S3), and mounts the smart card 20 in the device 2 (30). (S4). Meanwhile, the DRM content and / or domain right may be directly transmitted from the device 1 (10) to the device 2 (30) through a wired or wireless channel. Alternatively, the DRM content and / or domain right may be first applied to the device 1. It may be transferred from the smart card 20 to the smart card 20 and stored in a predetermined memory there, and then transferred from the smart card 20 to the device 2 30.

The user A installs the domain right using the domain context stored in the smart card 20 through the device 2 30, and then renders the DRM content using the installed domain right. rendering).

On the other hand, when the domain context is transferred between the device 1 10 and the smart card 20 and between the smart card 20 and the device 30, an authentication process is performed, respectively.

Hereinafter, the DRM system of FIG. 2 will be described in more detail with reference to the signal flowchart of FIG. 3.

3 is a signal flow diagram illustrating a method for transferring domain rights using a smart card according to a first embodiment of the present invention. However, in FIG. 3, a content provider (CP) may be RI or CI. In addition, the RI may be a portal of a content provider.

In FIG. 3, it is assumed that user A owns two DRM devices, that is, device 1 and device 2. Here, it is assumed that device 1 10 is a connected device with a communication function, for example, a mobile phone, and device 2 30 is an unconnected device without a communication function, for example, an MP3 player. In addition, it is assumed that user A owns a multimedia (for example, a smart card) 20 as a physical medium or a device that can be inserted into and used in device 1 (10) and device 2 (30).

Referring to FIG. 3, the user A accesses the content provider RI 40 by using the device 1 (10) having a communication function, and registers the device 1 (10) and the device 2 (30) with the RI (40). (S31 and S32). At this time, the user A registers the device 1 10 with the RI 40 first, and then registers the unconnected device to be registered with the RI 40.

User A joins device 1 10 to a particular domain (eg, assumes 'domain A') (S33). Here, the specific domain is one of a plurality of domains created and managed by the RI 40.

When the RI 40 inquires whether to add the device 2 30 to the domain A registered by the user A in addition to the device 1 10, the user A joins the device A, which is an unconnected device, to the domain A. That is, the user A notifies the RI 30 that the device 2 is another device owned by the user A, and browses through the device 1 10 to download the domain content (S34). The RI 40 transmits the domain list that is created and managed by the RI 40 to the device 1 10 (S35). Then, the user selects a specific domain (for example, domain A) to join device 2 from the domain list (S36).

The RI 40 transmits a trigger message (for example, a Join Domain Trigger message) to the device 1 10 so that the user A joins the device 2 to the selected domain A through the device 1 10 (S37). ). After receiving the Join Domain Trigger message, the device 1 10 sends a request message (eg, a Join Domain Request message) to the RI 40 to join the device 2 30 to the domain A (S38). ). At this point, an example of an XML schema of the Join Domain Request message and parameters included in the message is shown in FIG. 4. As shown in FIG. 4, the Join Domain Request message includes at least one parameter. In particular, the Join Domain Request message includes one or more deviceID parameters, for example, the deviceID of the device 1 (10), which is the subject that sends the Join Domain Request message, and the deviceID of the devices to join the domain A, that is, the device 2 ( 30) deviceID.

The RI 40 sends a response message (for example, a Join Domain Response message) to the device 1 10 as a response to the Join Domain Request message (S39). In this case, the Join Domain Response message includes the domain context for the device 2 (30). Here, the domain context includes information necessary for installing the domain right in the smart card 20, that is, a domain key, a domain identifier, an expiration time of the domain right, and the like.

In addition, an example of an XML schema of the Join Domain Response message and parameters included in the message is shown in FIG. 5. As shown in FIG. 5, the Join Domain Response message includes at least one parameter. In particular, among the parameters (or elements) of FIG. 5, the first 'domainInfo' element is the domain key for devices (i.e., device 1 or device 2) that are identifiers and that RI 40 is subscribed to domain A. It occurs every time you issue a. At this time, the domain key is encrypted with each public key of the devices (ie, device 1 or device 2). Second, the 'deviceID' parameter in the 'domainInfo' element is a device identifier that can use a domain key. However, this 'deviceID' parameter does not refer to the ID of the smart card 30. If the RI 40 sends a 'deviceID' parameter in the 'domainInfo' element, this means that the RI 40 already knows the list of device IDs, and the device with the same deviceID is exclusively given the domain key. It can be used (or consumed), while other devices mean that domain content is not available. If the deviceID parameter is not present in the domainInfo element, this means that all devices owned by user A cannot use the domain content. Third, the 'SRMStore' parameter is an attribute in the 'domainInfo' element. The 'SRMStore' parameter tells the DRM agent performing the joinDomain protocol to store the domain key on the smart card 20.

The device 1 (10) stores the received domain context in the smart card 20 (S40). At this time, the smart card 20 is a form that can be separated from the device 1 (10), it is assumed that the current smart card 20 is mounted in the corresponding mounting portion (for example, the slot) of the device 1 (10). do. Here, the smart card 20 includes an agent dedicated to the smart card 20 that can perform at least the storage space and authentication procedures. The smart card 20 is a media medium that can be securely mounted and detached from the device 1 (10) and the device 2 (30), also referred to as Secure Removable Media (SRM). The agent dedicated to the smart card 20 is called an SRM agent.

Meanwhile, in step S40, authentication is performed between the device 1 10 and the smart card 20 (S41). More specifically, authentication is performed between the DRM agent of the device 1 (10) and the SRM agent of the smart card 20, the information represented by the parameters included in the domain context of the step (S39) is used during the authentication process . After the SRM agent of the smart card 20 completes the authentication, the domain context may be transferred from the device 1 10 to the smart card 20. Through this authentication procedure S41, the SRM agent of the smart card 20 can know whether the DRM agent of the device 1 10 is a genuine or allowable agent, which is entitled to receive domain contents from other device. . Further, through the authentication procedure S41, if the DRM agent of the device 1 10 is not a genuine DRM agent, the authentication is revoke. Here, the true DRM agent is a type of DRM agent that can be authenticated.

After completing the authentication procedure, User A accesses RI 40, which plays the role of content provider with device 1 (10) as needed, and selects the desired domain content (e.g., a specific music file). Then, it is downloaded and used (S42 and S43).

Then, if user A wants to use the domain content (i.e., a specific music file) with device 2 (20), which is an unconnected device, user A can send the domain content from device 1 (10) to device 2 via wired or wireless media. (30) can be delivered. In this case, the domain content (ie, a specific music file) may be delivered as a super distribution. In addition, user A may transfer the domain content and / or its domain key to smart card 20 (S44).

User A attaches the smart card 20 to the device 2 (30), that is, the MP3 player (S45). Then, the SRM agent of the smart card 20 is authenticated to determine whether the device 2 is a genuine device (geuin device) joined to the domain A (S46). In the step S46, if the device 2 30 is successfully authenticated as a device joined to the domain A, the device 2 30 retrieves the domain context and the domain contents stored in the smart card 20 (S47). . User A can then use the domain content with device 2 30 while smart card 20 is mounted on device 2 30 (ie, an MP3 player) (S48). However, if smart card 20 is detached from device 2 30, then user A can no longer use domain content through device 2 30.

6 is a block diagram of a digital rights management (DRM) system as a second embodiment of the present invention. In the second embodiment of FIG. 6, among the plurality of domains defined and managed by the RI 40, N devices (that is, devices 1 to N) joined to a specific domain, for example, the domain A 60, are included. Assume that there is. In the second embodiment of FIG. 6, the device N 70 transmits the domain right to the external device 80 not belonging to the domain A 60, and the user N leaves the domain A 60.

Referring to FIG. 6, when the device N 70 transmits its own domain right to the external device 80, the domain context is passed through the smart card 20 (eg, Secure Removable Media (SRM)). (Domain Context) and domain usage rights are passed. That is, device N 70 first delivers the domain context and domain rights to smart card 20, and then transfers the domain context and domain rights from smart card 20 to an external device. do. Each transfer of the domain context and the domain right is made through a secure channel after mutual authentication and a secure channel are formed, as in the authentication process of FIG. 3 (ie, S41 and S46). Meanwhile, mutual authentication is performed in the same manner as in the authentication process of FIG. 3 (that is, S41 and S46), and for this purpose, CRL (Certificate Revocation List) management is required. On the other hand, after each transfer (or move) process of the domain context and the domain right is successfully performed, the transferred domain right and the domain context are deleted from the transmitting device (i.e., device N 70). . Accordingly, device N 70 loses the right to use a domain and can no longer use the corresponding domain contents. On the other hand, the external device 80 that has received the domain context and the domain right, if necessary, RI, which has issued the domain context and the domain right by using information included in the domain context and the domain right, 40) must be registered. Here, the domain A 60 may be a domain defined in OMA DRM 2.0, or may be a user domain defined in the field of home entertainment network.

In addition, the domain right once stored in the smart card 20 and the domain context are not transferred back to the external device 80, but are mounted on the external device 80 as it is stored in the smart card 20 as it is. It may be rendered directly through the external device 80 (eg, inserted through a mounting such as a socket). In this case, since the smart card 20 continues to have a domain right, the subject using the content can be regarded as the smart card 20.

Hereinafter, the configuration and operation of the apparatus according to the present invention will be described with reference to FIG.

The device (terminal) according to the present invention includes a basic hardware configuration necessary for sharing domain rights and other domain rights or DRM contents to other devices through multimedia. That is, the device 100 according to the present invention includes a socket portion 101 into which a multimedia medium (for example, a smart card) can be mounted and detached. Here, the multimedia medium may correspond to a smart card, a user identity module (UIM) or a subscriber identity module (SIM), a secure MMC card, and various memory cards. Accordingly, the socket unit 101 may be configured according to the type of the multimedia medium. The form is determined.

In addition, the apparatus 100 according to the present invention includes a transceiver 102 which transmits and receives a signal for performing registration by accessing a RI (Rights Issuer) and also receives a domain list provided by the RI.

The apparatus 100 according to the present invention further includes a display 103 which is displayed after the domain list received by the transceiver 102 is processed by the processor 106.

In addition, the device 100 according to the present invention, if the user selects a specific domain from the domain list displayed on the display 103, the user has at least owned to share domain rights in the specific domain And a DRM agent 104 that processes signals for joining one or more devices to that particular domain.

In addition, the apparatus 100 according to the present invention includes a memory 105 for storing domain context and domain usage rights received from the RI, and for storing DRM content.

In addition, the apparatus 100 according to the present invention processes the signals using the DRM content using the domain context and the domain right,

And a processing unit 106 for processing to transfer the domain context and the domain usage right to the multimedia medium mounted in the socket unit 101. The processor 106 may also be referred to as a controller. In addition, the detailed functions and operations of the components of the apparatus 100 are applied to the corresponding parts described with reference to FIGS. 2 to 6.

However, the device 100 according to the present invention, in addition to the components shown in FIG. 7, essential essential components of the device (terminal) required for using the DRM content are obvious to those skilled in the art. The description thereof is omitted.

In the above, the present invention has been described with reference to the embodiments shown in the drawings, but this is merely exemplary, and those skilled in the art may realize various modifications and other equivalent embodiments therefrom. I will understand. For example, in the present invention, a smart card collectively refers to a physical or logical medium or device that transfers (or moves) domain keys and / or domain contents between devices, and is not limited to the literal meaning itself. Accordingly, the true scope of the present invention should be determined by the technical idea of the appended claims.

As described above, the present invention has the effect that a plurality of terminals joined to a specific domain can share the DRM content.

In addition, the present invention has the effect of sharing and transferring a domain key and domain contents among a plurality of terminals through a physical medium called SRM (Secure Removable Media), such as a smart card.

In addition, the present invention has the effect of increasing the use of digital rights because a user owning a plurality of terminals can share the DRM content and the right to use the DRM content among the plurality of terminals.

Claims (25)

A method of moving a domain RO from a connectable device to an unconnectable device in order to allow one or more devices participating in a particular domain in a digital rights management system to share a domain rights object (RO), Registering a first device and one or more second devices with a Rights Issuer (RI), wherein the first device is a connectable device having a communication function, and the second device is an unconnectable device without a communication function; When the first device joins a first domain, the first domain is one of a plurality of domains created and managed by the RI; Selecting, by the first device, a second domain to join the second device from the domain list received from the RI; Joining the one or more second devices to the selected second domain to share the domain rights (RO) by the first device; Receiving, by the first device, first information including a domain key for the domain right (RO) from the RI, the first information includes a 'domainInfor' element, and the 'domainInfor' element Information on issuing a domain key to the one or more second devices participating in the first device and the second domain, wherein the 'domainInfor' element includes each deviceID of the first device and the second device, The deviceID may join the specific domain to use the domain key, and may use the SRMStore parameter instructing the DRM agent to perform the JoinDomain protocol for storing the domain key in a third device. Mean, Storing, by the first device, the first information in the third device; The one or more second devices receiving the stored first information from the third device; And The at least one second device decoding the domain right (RO) using the received first information and using DRM content using the decoded domain right (RO). Usage rights movement method in a digital rights management system. The method of claim 1, And receiving, by the first apparatus, at least one of domain content and domain usage rights from the RI. The method of claim 1, wherein receiving the first information comprises: Before the first device delivers the first information to the third device, And authenticating, by the third device, the first device. The method of claim 1, wherein the receiving of the first information by the second device comprises: Before the third device communicates the first information to the second device. The first device further comprises the step of authenticating the third device. The method of claim 1, wherein the first information is A method of moving a right in a digital rights management system, characterized in that it is a domain context. The method of claim 1, wherein the first information is And at least a domain key for decrypting the domain right. delete delete The method of claim 1, wherein the third device A method of moving usage rights in a digital rights management system, characterized in that it is a Secure Removable Media (SRM) or a smart card. The method of claim 1, wherein the second device And transmitting the first information to a fourth device and leaving the second domain. The apparatus of claim 10, wherein the second device is And delivering at least one of domain content and domain usage rights to the fourth device. delete delete delete delete delete delete The method of claim 1, wherein the third device And a device that can be attached to or detached from the first device or the second device. delete delete delete delete delete delete delete

Images